Alex Weinert
May I ask a question about the upcoming Microsoft Authenticator enhancements? Is there a policy mechanism that would allow us to prevent password-less authentication from being activated during logins for a particular Enterprise Application?
In testing, we’ve found a very common app in higher-ed that is incompatible. There’s something wrong with the service’s SAML integration as built or configured.
Here’s the error we are seeing on login:
AADSTS75011: Authentication method 'X509, MultiFactor' by which the user authenticated with the service doesn't match requested authentication method 'Password, ProtectedTransport'. Contact the (service) application owner.
While we work with the service provider on their SAML config, it would be great to be able to exclude that app from “phone sign-on” / number matching / password-less login and force just that one app to rely on old-fashioned Microsoft Authenticator MFA.
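An added example, not part of the question above and not Microsoft's or the service provider's code: it parses the RequestedAuthnContext of a constructed SP AuthnRequest and checks whether an IdP-asserted AuthnContextClassRef would satisfy it under the SAML 2.0 "exact" comparison, which is the shape of mismatch the AADSTS75011 message describes. The sample request, issuer URL and the use of the X509 class for the passwordless case are assumptions for illustration.

```python
# Added example (not from the original post): check an SP's RequestedAuthnContext
# against the authn context an IdP would assert. Sample XML below is constructed.
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
PWD_PROTECTED = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
X509 = "urn:oasis:names:tc:SAML:2.0:ac:classes:X509"

# Constructed AuthnRequest: the SP pins the authn context to password over TLS.
SP_REQUEST = f"""<samlp:AuthnRequest xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_c1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://sp.example.edu/saml</saml:Issuer>
  <samlp:RequestedAuthnContext Comparison="exact">
    <saml:AuthnContextClassRef>{PWD_PROTECTED}</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>"""

def requested_contexts(authn_request_xml):
    """Return (comparison, [class refs]), or (None, []) if the SP does not constrain it.
    SAML 2.0 defaults Comparison to 'exact' when the attribute is omitted.
    For untrusted input, parse with defusedxml rather than the stdlib parser."""
    root = ET.fromstring(authn_request_xml)
    rac = root.find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        return None, []
    refs = [e.text.strip() for e in rac.findall("saml:AuthnContextClassRef", NS)]
    return rac.get("Comparison", "exact"), refs

def satisfies(authn_request_xml, asserted_ref):
    """True if the asserted class ref is acceptable to this AuthnRequest.
    Decides only the unconstrained case and 'exact'; SAML leaves the ordering
    needed by minimum/maximum/better to deployment agreement, so those return None."""
    comparison, refs = requested_contexts(authn_request_xml)
    if comparison is None:
        return True
    if comparison == "exact":
        return asserted_ref in refs
    return None

if __name__ == "__main__":
    # Assumption: passwordless sign-in asserts the X509 class, as in the error text.
    print("password login accepted:", satisfies(SP_REQUEST, PWD_PROTECTED))
    print("passwordless accepted:", satisfies(SP_REQUEST, X509))
```

Running it against a captured AuthnRequest shows whether the SP is the party pinning the method: an SP that omits RequestedAuthnContext accepts whatever the IdP asserts.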